You will be breached

1. Even the most protected organizations will get hacked

Recent data breaches have shown that any company in any industry is susceptible to a data breach. Target, Sony, Home Depot and Anthem are just some of the companies that dedicated attackers have infiltrated. These breaches occurred even though these organizations took steps to protect themselves from cyber threats. Security professionals are starting to realize that even the most robust security measures will eventually succumb to a determined adversary. In other words, breaches are inevitable and, in fact, hackers may have already infiltrated an enterprise’s network.

2. Attackers have 100 percent success rate in penetrating networks

Lior Div, CEO of Cybereason, likes to share a striking anecdote from his time as a cyber-security researcher in the Israeli Defense Forces, where some of his duties included tracking adversarial hacking teams. The teams he tracked had a 100 percent success rate when it came to network penetration. No matter how well an organization defended itself, there were always vulnerabilities a hacker could exploit.

3. The JP Morgan breach example: there is no magic shield

When the news of the JP Morgan breach became public, it was revealed that the hackers were able to access JP Morgan’s internal server because two-factor authentication was not enabled. Although two-factor authentication could have prevented hackers from utilizing that breach method, it would have ultimately failed to stop hackers from penetrating the network.
The JP Morgan internal breach was possible because attackers obtained a private certificate from Simmco Data Systems, the vendor that created websites for the financial services company. With this certificate, attackers were able to hack 420,000 websites created by Simmco, including the site for the JP Morgan Corporate Challenge.
The Corporate Challenge website hack wouldn’t have given hackers access to JP Morgan’s internal site. However, many of the company’s employees used their JP Morgan log-in credentials to access the Corporate Challenge site, which provides information on a series of road races put on by JP Morgan. Armed with this information, the hackers easily and successfully accessed JP Morgan’s network.
Even if JP Morgan had used two-factor authentication to thwart the hackers, they would have undoubtedly tried other methods until the attack was successful.
For example, the hackers already had the log-in credentials of JP Morgan workers who accessed the Corporate Challenge website along with information about what races they ran. Attackers could have used these personal details to craft a spear-phishing email about an employee’s participation in the race. When a highly customized email that references a specific event, like a road race, arrives in an inbox, a worker could mistake it for legitimate correspondence, open it and download the malicious content that’s attached. Remember, only one employee needs to fall.
The media debate claiming that the JP Morgan breach could have been prevented by proper implementation of two-factor authentication clearly demonstrates that the public is still searching for a magic shield that can prevent hackers from successfully penetrating a corporate network.
In reality, however, there is no unbreakable system. Professional cyber criminals have the time and the financial means to deploy many different methods until they break the defender’s shield.

4. Post-penetration: security has time to act

After infiltrating a network, cyber criminals slowly inflict damage. They gradually move around a network and perform minimal daily actions to avoid detection. This gives security teams an opportunity to detect the breach early, reducing its scope and cost.
In JP Morgan’s case, it took between two and four months for the breach to be discovered. This delay gave hackers more time to collect their bounty: information on 83 million user accounts and high-level access to 90 servers.
Even if the initial penetration was impossible to detect, many of these hackers’ activities could have been identified. For instance, closely monitoring the IT environment would have revealed anomalies, and linking together seemingly benign events could have formed a clear picture of malicious activity.

Developing post-breach capabilities is crucial
Accepting that a network breach is inevitable requires security teams to adopt a new post-breach mentality. Part of this mindset entails improving network and endpoint visibility so organizations can better identify irregularities and malicious activity. Since a hacker’s activity on a network only deviates slightly from typical user behavior, an organization needs to continuously monitor behaviors and to spot minor changes.
The post-breach mentality also incorporates situational awareness into a security plan. Obtaining that insight requires collecting and analyzing gigantic amounts of data in real time. To better carry out these big-data projects, the post-breach mentality requires using machine learning to automatically figure out a company’s IT environment and use context to distinguish between normal and unusual behavior.
Imagine the most innovative automated video analytics technologies that the U.S. Department of Homeland Security deploys in airports to detect possible threats. These technologies analyze video streams of security lines in real time, learn common behaviors and flag abnormal activity. Next, facial recognition technologies are used to identify suspected terrorists and issue alerts on individuals with high security significance. A similar approach should be used by enterprises to help them fight complex hacking operations.
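The two ideas above, attackers performing minimal daily actions (section 4) and defenders linking seemingly benign events against a learned picture of normal behavior (this section), as an added illustration that is not code from the paper or from Cybereason. The account names, hosts and login events are constructed, and the baseline-then-link logic is one simple way of doing it, not any vendor's method:

```python
from collections import defaultdict

# Constructed authentication events: (ISO timestamp, account, host).
# Logins up to BASELINE_END form each account's "normal" host profile.
BASELINE_END = "2015-01-07T23:59"
EVENTS = [
    ("2015-01-01T09:00", "alice", "fs01"), ("2015-01-03T09:10", "alice", "mail01"),
    ("2015-01-05T09:00", "alice", "fs01"), ("2015-01-01T08:55", "bob", "db01"),
    ("2015-01-02T09:00", "bob", "db01"), ("2015-01-04T09:02", "bob", "db02"),
    # After the baseline alice stays on her usual hosts, while bob makes one
    # extra login per day to a host he has never used: unremarkable day by day.
    ("2015-01-08T09:00", "alice", "fs01"), ("2015-01-09T09:00", "alice", "mail01"),
    ("2015-01-08T09:00", "bob", "db01"), ("2015-01-08T22:10", "bob", "hr01"),
    ("2015-01-09T09:00", "bob", "db01"), ("2015-01-09T22:40", "bob", "fin01"),
    ("2015-01-10T09:00", "bob", "db01"), ("2015-01-10T23:05", "bob", "ad01"),
    ("2015-01-11T09:00", "bob", "db02"), ("2015-01-11T22:30", "bob", "backup01"),
]

def learn_baseline(events, baseline_end=BASELINE_END):
    """Per-account set of hosts seen during the baseline period."""
    profile = defaultdict(set)
    for ts, account, host in events:
        if ts <= baseline_end:
            profile[account].add(host)
    return profile

def link_deviations(events, profile, baseline_end=BASELINE_END, max_new_hosts=2):
    """Link each account's post-baseline logins to hosts outside its profile.
    Returns {account: [(host, first_seen), ...]} for accounts that, over the
    whole window, reached more than max_new_hosts unfamiliar hosts."""
    first_seen = defaultdict(dict)
    for ts, account, host in sorted(events):
        if ts > baseline_end and host not in profile[account]:
            first_seen[account].setdefault(host, ts)
    return {acct: sorted(hosts.items(), key=lambda kv: kv[1])
            for acct, hosts in first_seen.items() if len(hosts) > max_new_hosts}

def max_new_hosts_per_day(linked):
    """Most new hosts any single day contributed; a per-day rule sees only this."""
    per_day = defaultdict(int)
    for _, ts in linked:
        per_day[ts[:10]] += 1
    return max(per_day.values(), default=0)

if __name__ == "__main__":
    flagged = link_deviations(EVENTS, learn_baseline(EVENTS))
    for acct, linked in flagged.items():
        print(f"{acct}: {len(linked)} unfamiliar hosts over the window, "
              f"at most {max_new_hosts_per_day(linked)} per day")
```

Bob never exceeds one unfamiliar host on any day, so a daily threshold stays quiet; only the linked sequence across days shows the low-and-slow movement the paper describes.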
